package com.ibm.mq;

import com.ibm.mqservices.Trace;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CRL;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.X509CRLSelector;
import java.util.Collection;
import java.util.Iterator;
import java.util.Vector;
import javax.naming.NameNotFoundException;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.X509Certificate;

/* loaded from: input_file:MQLib/com.ibm.mq.jar:com/ibm/mq/SSLCRLHelper.class */
public class SSLCRLHelper {
    public static final String CLSNAME = "SSLCRLHelper";
    private static final String sccsid = "@(#) javabase/com/ibm/mq/SSLCRLHelper.java, java, j600, j600-200-060630 1.10.1.1 05/05/25 15:42:25";
    private static final String copyright_notice = "Licensed Materials - Property of IBM 5724-H72, 5655-L82, 5724-L26     (c) Copyright IBM Corp. 2002, 2005 All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static void check(X509Certificate x509Certificate, Collection collection) throws MQException {
        if (collection.size() == 0) {
            return;
        }
        Throwable th = null;
        boolean z = false;
        Iterator it = collection.iterator();
        while (it.hasNext() && !z) {
            try {
                CertStore certStore = (CertStore) it.next();
                if (certStore != null) {
                    if (Trace.isOn()) {
                        Trace.trace(CLSNAME, "Searching CRL server");
                    }
                    X509CRLSelector x509CRLSelector = new X509CRLSelector();
                    String name = x509Certificate.getIssuerDN().getName();
                    if (Trace.isOn()) {
                        Trace.trace(CLSNAME, new StringBuffer().append("Setting issuer to ").append(name).toString());
                    }
                    try {
                        x509CRLSelector.addIssuerName(new X500Principal(name).getName("CANONICAL"));
                        Collection vector = new Vector();
                        try {
                            if (Trace.isOn()) {
                                Trace.trace(CLSNAME, "Retrieving CRLs");
                            }
                            try {
                                vector = certStore.getCRLs(x509CRLSelector);
                            } catch (CertStoreException e) {
                                if (!(e.getCause() instanceof NamingException)) {
                                    throw e;
                                }
                                if (!(e.getCause().getRootCause() instanceof NameNotFoundException)) {
                                    throw e;
                                }
                                if (Trace.isOn()) {
                                    Trace.trace(CLSNAME, "Caught Sun NameNotFoundException - ignoring");
                                }
                            }
                            try {
                                Certificate generateCertificate = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(x509Certificate.getEncoded()));
                                if (vector.size() == 0) {
                                    if (Trace.isOn()) {
                                        Trace.trace(CLSNAME, "Issuer has no revoked certificates - accepting");
                                    }
                                    z = true;
                                } else {
                                    if (Trace.isOn()) {
                                        Trace.trace(CLSNAME, "Validating certificate against CRL");
                                    }
                                    Iterator it2 = vector.iterator();
                                    while (it2.hasNext()) {
                                        if (((CRL) it2.next()).isRevoked(generateCertificate)) {
                                            throw new MQException(2, MQException.MQRC_SSL_CERTIFICATE_REVOKED, Thread.currentThread(), 122);
                                        }
                                        if (Trace.isOn()) {
                                            Trace.trace(CLSNAME, "Not revoked - accepting");
                                        }
                                        z = true;
                                    }
                                }
                            } catch (CertificateException e2) {
                                throw new MQException(2, MQException.MQRC_UNEXPECTED_ERROR, x509Certificate);
                            } catch (javax.security.cert.CertificateException e3) {
                                throw new MQException(2, MQException.MQRC_UNEXPECTED_ERROR, x509Certificate);
                            }
                        } catch (CertStoreException e4) {
                            if (th == null) {
                                th = e4;
                            }
                        }
                    } catch (IOException e5) {
                        throw new MQException(2, MQException.MQRC_JSSE_ERROR, "static method in SSLCRL code", 54);
                    }
                } else if (th == null) {
                    th = new NullPointerException();
                }
            } catch (ClassCastException e6) {
                if (th == null) {
                    th = e6;
                }
            }
        }
        if (z) {
            return;
        }
        MQException mQException = new MQException(2, MQException.MQRC_SSL_CERT_STORE_ERROR, "static method in SSLCRL code", 123);
        mQException.initCause(th);
        throw mQException;
    }

    public static void addCertStoreAsString(String str, Collection collection) throws MQException {
        String substring;
        int i = 389;
        int indexOf = str.indexOf(58, 7);
        if (indexOf != -1) {
            substring = str.substring(7, indexOf);
            i = Integer.parseInt(str.substring(indexOf + 1));
        } else {
            substring = str.substring(7);
        }
        try {
            collection.add(CertStore.getInstance("LDAP", new LDAPCertStoreParameters(substring, i)));
        } catch (Exception e) {
            throw new MQException(2, MQException.MQRC_UNEXPECTED_ERROR, str);
        }
    }

    public static void addMQCrlCertStore(Object obj, Collection collection) throws MQException {
        if (!(obj instanceof MQCrlInformation)) {
            if (Trace.isOn()) {
                Trace.trace(CLSNAME, "Invalid CRL Object passed into method ");
            }
            throw new MQException(2, MQException.MQRC_SSL_INITIALIZATION_ERROR, CLSNAME);
        }
        MQCrlInformation mQCrlInformation = (MQCrlInformation) obj;
        try {
            collection.add(CertStore.getInstance("LDAP", mQCrlInformation));
        } catch (Exception e) {
            if (Trace.isOn()) {
                Trace.trace(CLSNAME, new StringBuffer().append("Exception building certStore ").append(mQCrlInformation.getServerName()).append(":").append(mQCrlInformation.getPort()).toString());
                Trace.exceptionTrace(5, CLSNAME, e);
            }
            throw new MQException(2, MQException.MQRC_SSL_INITIALIZATION_ERROR, e);
        }
    }
}
